| ID | Title | Description |
|---|---|---|
| CCC.KeyMgmt.TH01 | Deletion or Disabling of Key Versions Causing Denial of Service or Data Loss | Disabling, scheduling deletion, or permanently purging KMS key versions that protect sensitive data can prevent required decryption or signing operations. Service interruption or irreversible data loss may occur if the key material is no longer recoverable. |
| CCC.KeyMgmt.TH02 | Unrestricted Use of a KMS Key to Decrypt Data | Misconfigured permissions that allow broad invocation of the Decrypt API can expose plaintext data, enabling unintended disclosure or exfiltration of sensitive information. |
| CCC.KeyMgmt.TH03 | Key Rotation is Disabled or Delayed Beyond Policy Limits | Modification of automatic or manual rotation settings can keep older key material active longer than intended, decreasing cryptographic resilience and extending exposure in the event of key compromise. |
| CCC.KeyMgmt.TH04 | Introduction of Weak or Compromised Key Material During Import | Insufficient validation during the key-import process may allow weak, back-doored, or otherwise compromised key material to be introduced, reducing the overall strength of subsequent cryptographic operations. |
Crypto / Key
Threats
Version: